Latest CompTIA CAS-002 Actual Free Exam Questions & Community Discussion, Page 6

Question #76

A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?

A. Accept only LM

B. Accept only NTLM

C. Refuse NTLMv2 and accept LM

D. Refuse LM and only accept NTLMv2

Discussion 0

Correct Answer: D Vote an answer

Question #77

A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company's security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?

A. Implement new continuous monitoring procedures.

B. Implement an open source system which allows data to be encrypted while processed.

C. Implement full disk encryption on all storage devices the firm owns.

D. Reload all user laptops with full disk encryption software immediately.

Discussion 0

Correct Answer: C Vote an answer

Question #78

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might be a valid solution if the asset manager's requirements were supported by current RFID capabilities. Which of the following requirements would be MOST difficult for the asset manager to implement?

A. The ability to integrate environmental sensors into the RFID tag

B. The ability to encrypt RFID data in transmission

C. The ability to assign RFID tags a unique identifier

D. The ability to track assets in real time as they move throughout the facility

Discussion 0

Correct Answer: B Vote an answer

Question #79

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ.
Which of the following is the MOST important to be considered before going ahead with the service?

A. A physical site audit is performed on Company XYZ's management / operation.

B. Ensure there are security controls within the contract and the right to audit.

C. Internal auditors have approved the outsourcing arrangement.

D. Penetration testing can be performed on the externally facing web system.

Discussion 0

Correct Answer: D Vote an answer

Question #80

A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

A. Change management

B. Transference of risk

C. Asset management

D. IT governance

Discussion 0

Correct Answer: D Vote an answer

Question #81

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?

A. All employees should have the same access level to be able to check on each other's.

B. The manager should be able to both enter and approve information.

C. Employee A and Employee B should rotate jobs at a set interval and cross-train.

D. The manager should only be able to review the data and approve purchase orders.

Discussion 0

Correct Answer: D Vote an answer

Question #82

Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?

A. Create an IP camera network and restrict access to cameras from a single management host.

B. Create an IP camera network and deploy NIPS to prevent unauthorized access.

C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

D. Create an IP camera network and only allow SSL access to the cameras.

Discussion 0

Correct Answer: C Vote an answer

Question #83

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company's NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?

A. Disable the company's NTP servers.

B. Disable monlist on the company's NTP servers.

C. Block in-bound connections to the company's NTP servers.

D. Block IPs making monlist requests.

Discussion 0

Correct Answer: B Vote an answer

Question #84

A corporation has expanded for the first time by integrating several newly acquired businesses.
Which of the following are the FIRST tasks that the security team should undertake?
(Select TWO).

A. Re-image all end user computers to a standard image.

B. Develop interconnection policy.

C. Federate identity management systems.

D. Install firewalls between the businesses

E. Conduct a risk analysis of each acquired company's networks.

F. Remove acquired companies Internet access.

Discussion 0

Correct Answer: B,E Vote an answer

Question #85

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

A. Improper handling of customer data, loss of intellectual property and reputation damage

B. Cultural differences, increased cost of doing business and divestiture issues

C. Geographical regulation issues, loss of intellectual property and interoperability agreement issues

D. Improper handling of client data, interoperability agreement issues and regulatory issues

Discussion 0

Correct Answer: A Vote an answer

Question #86

A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:
10.235.62.11 - - [02/Mar/2014:06:13:04] "GET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

A. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.

B. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.

D. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.

Discussion 0

Correct Answer: C Vote an answer

Question #87

A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus.
The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

A. Install a NIDS in front of all the transaction system terminals.

B. Notify the transaction system vendor of the security vulnerability that was discovered.

C. Use a protocol analyzer to reverse engineer the transaction system's protocol.

D. Contact the computer science students and threaten disciplinary action if they continue their actions.

Discussion 0

Correct Answer: C Vote an answer

Question #88

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?

A. $60,000

B. $140,000

C. $200,000

D. $100,000

Discussion 0

Correct Answer: A Vote an answer

Question #89

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

A. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

B. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.

C. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.

D. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.

Discussion 0

Correct Answer: A Vote an answer

Question #90

A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:
1. Ability to log entry of all employees in and out of specific areas
2 . Access control into and out of all sensitive areas
3 . Two-factor authentication
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

A. Mantrap

B. Proximity readers

C. Visitor logs

D. Biometric readers

E. Motion detection sensors

Discussion 0

Correct Answer: B,D Vote an answer

CompTIA CAS-002 Actual Free Exam Questions & Community Discussion

Download Free CompTIA CAS-002 Demo